What a pity, you are not the developer from SSF. I have reported a few bugs to the developers using their "helpdesk"; they just ignore it.
For example, I sent them a sample that bypasses SSF's protection; they just said SSF is OK, they will not spend time on that.

I use SpyShelter Firewall because I find its logging useful under certain circumstances, so I was interested in your experience with it.

I noticed that installing SSFW on one W10 system breaks extensions (uBlock Origin and LastPass) in Microsoft Edge.

SSF doesn't protect against ransomware? hmm....it might be time to rethink things.

It does protect against the execution of unknown\untrusted programs - which includes ransomware.

However, if the user allows the unknown\untrusted file execution, then it does not detect file encryption - but at the same time - it should protect files placed into protected folders from being encrypted.

There are those that are paranoid that a normally trusted file that is digitally signed and downloaded from a trusted website will turn out to be ransomware. It's possible, but not likely. And most security products are going to miss the sample as well if they fully whitelist on the basis of the digital certificate alone.

Oh...well I don't expect any application to protect against idiocy. Why would you allow something that you did not cause?

The malware is still running, so it keeps trying to create the autorun key.

Deny only terminates a single action. If the malware keeps trying to do the same thing over-and-over you will get an alert for each time it tries to do it. In this case, the malware attempts to create the autorun key over-and-over and each time you select Deny, it blocks the autorun key creation 1 time.

Tick "Remember my choice" at the bottom of the alert to create a permanent block (or allow) rule.

OK...interesting, but we can see that no one has mentioned the things below, which are offered in the alert window...the user should know and use not only the allow/deny buttons
- the command "Analyze file with ViruScan.Jotti.org"...it might not be helpful in this case, but it can give some advice about the allow/deny decision
- the option "Apply the choice to all actions for current component" means

When this option is selected, SpyShelter will apply your choice to all other actions of given component (SpyShelter will automatically allow/block/terminate all activities of the component).

That can be important because malware can use a legal process in the next steps, which we can see in the movies - explorer.exe at 60 sec. (first movie) and 45 sec. (second movie). "Apply for all actions" could probably finish the infection.
- the button "Terminate", which means something different from "Deny" - it doesn't block the single alerted action but kills the parent (here - malicious) process
- in Settings/Advanced we have the options "Terminate child processes"...also those known and legal...and, perhaps more interesting, "Terminate all instances", which should "kill all processes with the same path as the suspicious process".
It would probably be worth checking these tricks also.
